neurowisebho.dll

neurowise

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module neurowisebho.dll by neurowise has been detected as adware by 31 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘neurowise’. This file is typically installed with the program neurowise by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
neurowise  (signed and verified)

Product:
neurowise

Version:
1.0.0.3

MD5:
f3b93197b05fae38add16c2620db9772

SHA-1:
a647027613dd8f889b2f1105f23e94adb66a9e28

SHA-256:
decaf8bb819455afb3729786d608e8fcf541c91d8d28f8b0672d37c1bc64ff96

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/24/2024 2:42:32 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.G | 860
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.174.250
AVG | BrowseFox.F | 2015.0.3338
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14927
Bitdefender | Adware.BrowseFox.G | 1.0.20.1350
Clam AntiVirus | Win.Adware.Browsefox-7 | 0.98/21411
Comodo Security | Application.Win32.BrowseFox.JM | 19634
Dr.Web | Trojan.BPlug.141 | 9.0.1.0270
Emsisoft Anti-Malware | Adware.BrowseFox | 8.14.09.27.11
ESET NOD32 | Win32/BrowseFox (variant) | 8.10475
Fortinet FortiGate | Adware/Agent | 9/27/2014
F-Prot | W32/BadBHO.AW.gen | v6.4.7.1.166
F-Secure | Adware.BrowseFox.G | 11.2014-27-09_7
G Data | Adware.BrowseFox | 14.9.24
herdProtect (fuzzy) | | 2014.12.9.12
IKARUS anti.virus | not-a-virus:AdWare.Win32.Agent | t3scan.1.7.5.0
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3185
Malwarebytes | PUP.Optional.Neurowise.A | v2014.09.27.11
McAfee | Artemis!C70479920B92 | 5600.6994
MicroWorld eScan | Adware.BrowseFox.G | 15.0.0.810
NANO AntiVirus | Trojan.Win32.BPlug.ddwtte | 0.28.2.62286
nProtect | Trojan-Clicker/W32.LinkSwift.250144 | 14.09.26.01
Panda Antivirus | Trj/CI.A | 14.09.27.11
Qihoo 360 Security | Malware.Radar03.Gen | 1.0.0.1015
Reason Heuristics | Adware.Yontoo.BHO.M | 14.9.27.23
Sophos | Generic PUA BF | 4.98
SUPERAntiSpyware | Adware.BrowseFox/Variant | 10333
Trend Micro House Call | Suspicious_GEN.F47V0810 | 7.2.270
VIPRE Antivirus | Yontoo | 33474
Zillya! Antivirus | Backdoor.PePatch.Win32.44267 | 2.0.0.1935

File size:
244.3 KB (250,144 bytes)

Product version:
1.0.0.3

Copyright:
(c) neurowise. All rights reserved.

Original file name:
neurowiseIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\neurowise\neurowisebho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 3:00:00 AM

Valid to:
4/30/2015 2:59:59 AM

Subject:
CN=neurowise, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=neurowise, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6D39162AD22EF7230D6D19FE64DA8198

File PE Metadata
Compilation timestamp:
9/26/2014 11:50:27 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:H9Botzn5MrRY/xRyklvnnD8uDTci+G3IaIRxdjBUZxz:HGzn5MtY/LycjI3AZxz

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 0C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
Entropy:
6.3610

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
neurowise

CLSID:
{d08ab008-0647-4784-8e2c-5769cd4a7c3a}


The file neurowisebho.dll has been discovered within the following programs.

neurowise  by Yontoo Technology, Inc.
neurowise is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
neurowise.info/support
84% remove it
 
The file neurowisebho.dll has been seen being distributed by the following URL.
